What KB5083769 Changed and Why Backups Are Failing
April’s cumulative Windows security update KB5083769 introduced a critical change that is now breaking image-based backup workflows. As part of Microsoft’s Vulnerable Driver Blocklist, the update added the kernel driver psmounterex.sys to a deny list to mitigate CVE-2023-43896, a high‑severity buffer overflow that enables local privilege escalation and arbitrary code execution. Because many backup vendors relied on this shared driver for image‑mount operations, Windows now refuses to load it, triggering a cascade of failures across multiple products. Image creation often still completes, but operations that mount or manipulate disk images can fail outright. This is the root cause behind the “KB5083769 backup broken” complaints and explains why many users are suddenly encountering Windows update backup failure scenarios immediately after installing the April patch.
Which Backup Tools Are Affected and How the Issue Shows Up
The driver block in KB5083769 has a particularly sharp impact on popular enterprise and prosumer backup tools. Microsoft has confirmed that Macrium Reflect, Acronis Cyber Protect Cloud, UrBackup Server, and NinjaOne Backup are all affected when they attempt to perform image‑mount operations through psmounterex.sys. In many environments, backup jobs appear to run but later fail when mounting snapshots, or when administrators attempt to restore from image‑based backups. Symptoms include VSS snapshot timeouts, error messages such as “The backup has failed because Microsoft VSS has timed out during the snapshot creation,” and VSS_E_BAD_STATE codes. For IT teams troubleshooting a Windows update backup failure, a key diagnostic step is checking the Code Integrity log in Event Viewer. Event ID 3077 tied to Policy ID {D2BDA982-CCF6-4344-AC5B-0B44427B6816} explicitly records that psmounterex.sys was blocked, confirming the image-mount backup driver issue rather than a generic VSS problem.
Microsoft’s Position: Security First, Vendor Patches Required
Despite the disruption, Microsoft is not backing away from the new driver block. The company frames psmounterex.sys as a known vulnerable kernel driver that attackers can weaponize in bring‑your‑own‑vulnerable‑driver attacks, gaining ring‑zero code execution on otherwise fully patched systems. From Microsoft’s perspective, the risk of leaving CVE‑2023‑43896 open outweighs the inconvenience of broken image‑mount features. As a result, Microsoft is advising customers not to roll back KB5083769 or pause security updates. Instead, users should monitor their backup vendors for updated builds that replace psmounterex.sys with a hardened, non‑blocklisted driver. This guidance applies across Windows 10, Windows 11, and Windows Server installations. For organizations searching for a Macrium Acronis backup fix, the official recommendation is clear: keep the security patch in place and move quickly to deploy vendor‑supplied updates as they become available.
Immediate Workarounds While Waiting for Backup Vendor Fixes
Until Macrium, Acronis, UrBackup, and NinjaOne release updated builds, administrators must rely on temporary mitigations. The safest path is to keep KB5083769 installed, accept that image‑mount features may be limited, and adjust workflows accordingly—for example, by prioritizing full restores rather than mounting images for file‑level recovery where possible. In some environments, App Control for Business policies or custom blocklist settings can be tuned, but relaxing these controls carries security trade‑offs and should be approached cautiously. Users should explicitly document which jobs are failing, verify the driver block via Event ID 3077, and test any interim procedures to avoid silent data‑protection gaps. Critically, uninstalling the security update just to restore legacy driver behavior re‑opens a serious privilege‑escalation hole, undermining the very protections the patch delivers. The practical priority is to apply vendor patches the moment they provide a tested Macrium Acronis backup fix for the image-mount backup driver issue.
A Parallel Lesson from Dell’s SupportAssist Crashes
While distinct from the KB5083769 backup broken scenario, Dell’s recent SupportAssist Remediation problems underscore how vendor tools can unexpectedly destabilize otherwise healthy systems. A flawed SupportAssist Remediation update, version 5.5.16.0 released on April 30, has been triggering frequent CRITICAL_PROCESS_DIED blue screens, particularly on models like the XPS 15 9530 and Precision 3571. Community investigators traced the crashes to DellSupportAssistRemediationService.exe, and stability returned once the service was disabled or the tool uninstalled. The episode offers a useful reminder for backup administrators: when troubleshooting Windows update backup failure issues, it is essential to separate core OS patches from third‑party components that may also be at fault. Just as Dell users can temporarily disable a problematic remediation service, backup users should be prepared to quickly adjust or isolate specific components while still preserving critical security updates wherever possible.
